<!DOCTYPE html>
{% autoescape true %}
<html>
    <head>
        <title>Security Demo</title>        
        <link href='/css/base.css' rel='stylesheet' type='text/css'>

    </head>

    <body>
        <h1>Security Demo</h1>
        <div>The following demos show the code details of some attacks and defenses.</div>
        <div><a href="" target="_blank">Source</a>: Study the implementation details of the defenses</div>

        <h2>XSS Related Defense</h2>
        <ul>
            <li><a href="/cookie">HttpOnly Cookie</a> - how to set an HttpOnly cookie</li>
            <li><a href="/template/json">Using JSON</a> - how to use JSON safely</li>
            <li><a href="/csp">Content-Security-Policy</a> - how to set a CSP</li>
            <li><a href="/sanitize">Input Sanitization</a> - how to sanitize untrusted input</li>
        </ul>

        <h2>Others</h2>
        <ul>
            <li><a href="/csrf">CSRF Attacks</a></li>
        </ul>
        <div>
            * All attacks are pre-defined because we do not want real attackers to insert their own attacks into this site. <br>
            * The demo solutions are based on Google App Engine using Python and jinja2 templates.
        </div>
    </body>
</html>

{% endautoescape %}